eBay And Amazon Still Vulnerable
|
January 4, 2022 |
With the holidays over and everyone heading back to work, many people are breathing a
sigh of relief. With the holiday rush over and a new year ahead, you probably give no
thought to the question "Was my online holiday shopping done safely and securely?"
Unfortunately, the answer to this question could very well be no. Despite millions and
millions of dollars being spent each and every year by big-name online ecommerce outfits,
a good number still remain vulnerable to security flaws.
|
Multiple Vulnerabilities In PhotoPost Pro
|
January 3, 2022 |
PhotoPost was designed to help you give your users exactly
what they want. Your users will be thrilled to finally be
able to upload and display their photos for your entire
community to view and discuss, all with no more effort than
it takes to post a text message to a forum. If you already
have a forum (vBulletin, UBB Threads, phpBB, DCForum, or
InvisionBoard), you'll appreciate that PhotoPost was designed
to seamlessly integrate into your site without the need for
your users to register twice and maintain two logins. PhotoPost
Pro is vulnerable to some serious SQL Injection issues as well as
cross site scripting. An update is available and all users should
upgrade now.
|
Serious Vulnerabilities In PhotoPost ReviewPost
|
January 2, 2022 |
Your community of users represents a wealth of knowledge. Now
your users can help build and maintain your site by writing
reviews of any product imaginable. With ReviewPost, you will
quickly amass a valuable collection of user opinions about
products that relate to your site. ReviewPost can even use
your existing forum login system (if you have one) to keep your
users from having to register twice, and makes an excellent
companion to ReviewPost. PhotoPost ReviewPost is vulnerable to cross site
scripting, SQL Injection, and Arbitrary File Upload. There is a new
version of the software available and users are encouraged to upgrade.
|
Serious Vulnerabilities In PhotoPost Classifieds
|
January 1, 2022 |
Add a full-featured user-to-user classified ads system to your
website to connect buyers with sellers. No matter what your users'
interests may be, they likely want to buy and sell items related
to your site's topic, and PhotoPost Classifieds makes it easy.
PhotoPost Classifieds is designed to integrate seamlessly into
your current site design, and can even use your existing forum
user database (if you have one) for one central login. PhotoPost Classifieds is vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
|
File Include Vulnerability In php-Calendar
|
December 29th, 2004 |
I was searching for a decent calendar which my group at school could
use to keep track of events, etc. We were previously using localendar,
which I didn't like and it had some problems. I found CST-Calendar which
did most of what I wanted, but was rather ugly and missed some features
others in the group wanted. So, I gradually re-wrote CST-Calendar since
that project seems to have stopped work entirely.
[ As quoted from their website ] This program includes several potentially
very dangerous file include vulnerabilities. Since php-calendar is an open
source calendar it has been said that some developers use the php-calendar
in their own projects, thus potentially making their applications vulnerable as well.
|
Vulnerabilities In WHM Autopilot
|
December 27th, 2004 |
Started by a webhost looking for more out of a simple management
script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of
Benchmark Designs) set out to build an internal management system
that could handle the day to day operations of a normal hosting
company. The key was to remove the need to constantly watch your
orders and manage the installs. Alas, WHM AutoPilot was born.
[ as quoted from their official website ] WHM Autopilot is vulnerable
to a number of vulnerabilities such as cross site scripting, file
inclusion, and information disclosure.
|
Critical Vulnerability In Help Center Live
|
December 24th, 2004 |
Help Center Live is a `Live` help desk system written in PHP using a MySQL database
backend that features Live Support, Trouble Tickets and FAQ within one project. This
is a very popular application, especially with webhosts and other services. There
are two file include vulnerabilities (both remote and local) that could allow an
attacker to execute malicious server side code on your webserver. Additionally, a cross
site scripting issue was found in Help Center Live.
|
Cross Site Scripting In Psychostats
|
December 22nd, 2004 |
PsychoStats is a statistics generator for games. Currently there is support
for a handful of Half-Life "MODs" including Counter-Strike, Day of Defeat,
and Natural Selection. PsychoStats gathers statistics from the log files that
game servers create by reading through the logs and then calculating detailed
statistics for players, maps, weapons and clans. These detailed statistics
are stored in a MySQL database which are then viewed online from your website
using a set of PHP web pages. Cross site scripting exists in Jason Morriss'
PsychoStats. This vulnerability exists due to user supplied input not being
checked properly. This vulnerability could be used to steal cookie based
authentication credentials within the scope of the current domain, or render
hostile code in a victim's browser.
|
Multiple Kayako eSupport Vulnerabilities
|
December 18th, 2004 |
Kayako eSupport is one of the most feature packed support systems. This program is used by
many online businesses and webhosts to help with technical support and other various
support issues. This application is vulnerable to both Cross Site Scripting and SQL Injection
vulnerabilities. The SQL Injection vulnerabilities are fairly serious and may allow for an
attacker to influence SQL queries. Full details inside.
|
Document Object Model Hijacking Explained
|
December 10, 2021 |
The 2004 Merriam-Webster word of the year was “blog”. For those of you that do not know,
blog is short for weblog. Millions of people around the world keep blogs, and
these people are not just limited to the tech savvy crowd. Blogs are not the
only increasingly popular web applications though. Wikis, for example, allow
many users to build an entire community and more by allowing anyone who wants
to contribute, to do so. Security is usually a fairly primary concern in an environment
with many users, and measures such as script filtering are taken to ensure that
no one tries anything “bad”, and that if they do they are unsuccessful in their
attempts. Unfortunately though, a good number of these applications are
susceptible to Document Object Model Hijacking.
|